- From: Greg Wilkins <gregw@intalio.com>
- Date: Thu, 12 Feb 2015 11:03:53 +1100
- To: Willy Tarreau <w@1wt.eu>
- Cc: Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAH_y2NEfaO0jBEOi1CYr=uv4bY+-05AvqMeb_MqvZ14pr=15cA@mail.gmail.com>
On 11 February 2015 at 17:08, Willy Tarreau <w@1wt.eu> wrote: > Hi Greg, > > On Wed, Feb 11, 2015 at 03:15:38PM +1100, Greg Wilkins wrote: > > Anyway, I've got my answer. There is no specific threat, just a > preference > > to not allow such a simple upgrade/downgrade for the sake of prudence. > I > > can accept that and while I'm still considering supporting a preface > based > > version switch, it will be a use-at-own-risk private feature. > > In fact, we all want to be strict on this in order to ensure that no lazy > implementer would notice it works well without the preface and decides not > to emit it. That's where the trouble could start. > Willy, definitely not proposing to allow HTTP2 without the prefix. I'm saying that if you want HTTP2, then you must follow the standard exactly - including the preface. However, if a HTTP/21 client does connect to a HTTP/2 server, the server will be able to detect this by the lack of preface. Standard calls for that to be a connection failure and I agree that is the prudent action for the specification to require. However, I have a use case for which I am considering a non standard extension that would allow the HTTP/1 connection to proceed (on the shaky ground as PHK says) and I just wanted to know if there was a specific threat that would expose, or just a general would-be-better-if-we-didn't-risk-it type of thing. cheers -- Greg Wilkins <gregw@intalio.com> @ Webtide - *an Intalio subsidiary* http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
Received on Thursday, 12 February 2015 00:04:23 UTC